Date: Wed, 14 Apr 2021 12:20:58 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: mike tancsa <mike@sentex.net> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: name:wrek vulnerabilities ? Message-ID: <20210414162058.mrhv7cnyxrad5n7e@mutt-hbsd> In-Reply-To: <e08128b2-dece-b95e-6fae-e408fa2a3ec8@sentex.net> References: <e08128b2-dece-b95e-6fae-e408fa2a3ec8@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--xb2u6txeaf73mpzi Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 14, 2021 at 11:44:06AM -0400, mike tancsa wrote: > I heard about this on the ISC stormcast podcast this AM, but I cant > quite make heads or tails of if/when what was patched with respect to > FreeBSD. >=20 > https://www.forescout.com/company/blog/forescout-and-jsof-disclose-new-dn= s-vulnerabilities-impacting-millions-of-enterprise-and-consumer-devices/ >=20 > They have a dhclient one I think is > https://www.freebsd.org/security/advisories/FreeBSD-SA-20:26.dhclient.asc, > but the report somewhat ambiguously writes there is a new one ? >=20 > "Table 3 =E2=80=93 New vulnerabilities in NAME:WRECK. Rows are colored ac= cording > to the CVSS score: yellow for medium or high and red for critical." Yet > the CVE ref is the above SA 20:26?! So this is new or this is just a > paper talking about a bug patched last August ? The paper's referencing a bug that's already fixed in all supported versions of FreeBSD. A lot of hand waving just for "nothing to see here, move along" if your systems are up-to-date. The commit that fixed the vulnerability is 8f594d4355a16f963e246be0b88b9fba8ad77049, made on 31 Aug 2020. That's over a half a year ago. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --xb2u6txeaf73mpzi Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmB3FmcACgkQ/y5nonf4 4foLmg//QoRJtxfZeGf7IdWnH+NefnI3Xvy7zipHFBC+H4Mo0buWNjIQL7z39vjz sTee16eIw/vsg3PmQSkqGURCVko+y1tffW19+tgW3ONVJPuL77QkMM18BjPafy4v U2DvCNSiAq6tvEhlXKgTEN5c0wTRnEp0qfBNXLDar4MOjOgVzfhTYFyJo5Gf2DnM u2HCooe76enJPv5b9ytgCxAbyxRqs2XRFiUV+aN+bPLIfRR1t3qulpe2pIpGWW/C SlMSC5KFklUU7UmWwr5pVsv/p6av/BZwRLeeEDw255kIxGyTvqbrGt5rjW33qgca HskiUv94vfKgqeRO5Our0HpMU7ASR7kr79iGD7vCfnKMsQiVjWED5fMShWnmT1Up JfAgfH342fVSK1Jij1bGRNiu+DtwonKuUicA+n0Ej/CnOA4sdoLNKB82y5MeVMVB 01+3grfTSU7Gq5HoYe+P1+HV47E4nWyYn1AenVdkOvuvna59DiwKg9bv7tix4Y7t bgzatQMvVt4IVwEYaTJC3d0uvangEBjKZfzzLpRPE5hghNt83Sr2FCqgbR+RL7Ob BRHkebWqDRtli7ZIXnPKULu9nmXzEvRyDHb1ogqoMY4feY5RPGFMH1RIoO+Xn3rh tOOq/U5ipmxCT/8xrmN6kiMD0YDjcqTBOJgsjmug4LltOTUhtuA= =Xie7 -----END PGP SIGNATURE----- --xb2u6txeaf73mpzi--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210414162058.mrhv7cnyxrad5n7e>